Splunk Search

How to exclude fields from LinearRegression command/use subsearch to generate fields for LinearRergession ?


Consider fit LinearRegression
| fit LinearRegression "name2predict" from "f1" "f2" into "test_model"

Question 0
What are flexebilities defining the FEATURE LIST -- i.e. from "f1" "f2" ?

SubQuestion 1
Is it possible to write something like
NOT "f1" - exclude "f1"
or something like f1* OR f2*
etc ?

SubQuestion 2 Can we use somehow subsearch to generate fields list ?

If no simple way to do it what are some ways round ?

0 Karma


If you wanted to exclude f1 then you should not include it as your explanatory field.. Why would you want to choose f1 OR f2? Why not just include both and let the machine determine which feature to put emphasis on? You can run | summary <model_name> to identify how much impact each feature has on the target function.

Why do you mean using a sub-search to generate a fields list? Are you referring to making the data available so you can fit your model? If so, then you can use whatever you want just as long as the data is available before the fit command. One thing to consider though is speed and scale. You need to make sure your search is fast so it can run on a consistent basis so the machine can keep learning and adapting

0 Karma


To make explicit description of fields names is very inconvenient in my case, because that names can be changed. I want to exclude very specific name like "_time" , but I do not want to exclude by previous "field - _time" command, because then it will dispappear from the whole pipiline, so it would be impossible to plot by next command "table _time, error". By using subsearch I mean something like [ | mcatalog | return ??? ] put such expression instead of explicit fields list.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...